Only send notification emails to verified users

Adds verified? check to bundling_emails? to prevent notification emails
from being sent to users who have never authenticated. This closes the
spam vector where bad actors could create users for known email
addresses and trigger unwanted notifications by mentioning them.

Co-Authored-By: Claude <noreply@anthropic.com>

Author: flavorjones

app/models/user/settings.rb

@@ -21,7 +21,7 @@ def bundle_aggregation_period
   end
 
   def bundling_emails?
-    !bundle_email_never? && !user.system? && user.active?
+    !bundle_email_never? && !user.system? && user.active? && user.verified?
   end
 
   def timezone

test/models/user/settings_test.rb

@@ -49,5 +49,9 @@ class User::SettingsTest < ActiveSupport::TestCase
 
     @user.update!(role: :member, active: false)
     assert_not @user.settings.bundling_emails?, "Inactive users should not receive bundled emails"
+
+    @user.update!(active: true)
+    @user.update_column(:verified_at, nil)
+    assert_not @user.settings.bundling_emails?, "Unverified users should not receive bundled emails"
   end
 end